dummy/linux-stable-mirror
1
0
Fork 1
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ synced 2025-04-19 20:58:31 +09:00
Code Issues Packages Projects Releases Wiki Activity

crypto: scomp - Fix wild memory accesses in scomp_free_streams

Browse Source 
In order to use scomp_free_streams to free the partially allocted
streams in the allocation error path, move the alg->stream assignment
to the beginning.  Also check for error pointers in scomp_free_streams
before freeing the ctx.

Finally set alg->stream to NULL to not break subsequent attempts
to allocate the streams.

Fixes: 3d72ad46a23a ("crypto: acomp - Move stream management into scomp layer")
Reported-by: syzkaller <syzkaller@googlegroups.com>
Co-developed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Herbert Xu 2025-04-11 09:26:47 +08:00
parent b7b39df7e7
commit 9ae0c92fec
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/scompress.c
View File

@ -111,13 +111,14 @@ static void scomp_free_streams(struct scomp_alg *alg)
struct crypto_acomp_stream __percpu *stream = alg->stream;
int i;
alg->stream = NULL;
if (!stream)
return;
for_each_possible_cpu(i) {
struct crypto_acomp_stream *ps = per_cpu_ptr(stream, i);
if (!ps->ctx)
if (IS_ERR_OR_NULL(ps->ctx))
break;
alg->free_ctx(ps->ctx);
@ -135,6 +136,8 @@ static int scomp_alloc_streams(struct scomp_alg *alg)
if (!stream)
return -ENOMEM;
alg->stream = stream;
for_each_possible_cpu(i) {
struct crypto_acomp_stream *ps = per_cpu_ptr(stream, i);
@ -146,8 +149,6 @@ static int scomp_alloc_streams(struct scomp_alg *alg)
spin_lock_init(&ps->lock);
}
alg->stream = stream;
return 0;
}